4a7150ab535c7ea3de1366603f913cd42e85fb790ed7d74a7586cbf186c3baa1

Sharing

Copy URL

Twitter E-mail

General

Target

Quantum.client.zip
Size

15.2MB
Sample

240519-1b5qpaag72
MD5

936f5403d1f031eceabad38035cbf1e2
SHA1

9305cbdcbb4e8a3e213209e029026c5924fa5495
SHA256

4a7150ab535c7ea3de1366603f913cd42e85fb790ed7d74a7586cbf186c3baa1
SHA512

1cff00750a79321fd16f738307a5c194d310c5499c26f9ac7ac2194cb48e855d23a92c00536d89d78b59456fdb48cc2fb6f27813a1833d90ea1fcc7fc413b988
SSDEEP

393216:4URRTKuF2qHli5w96u2+EBPjmkyuhadzmQbJ3wzceYqjU:4URRjFZiO966EBPXhrcepg

Score

8^/10

Malware Config

Targets

- Target
  
  Quantum.client.zip
- Size
  
  15.2MB
- MD5
  
  936f5403d1f031eceabad38035cbf1e2
- SHA1
  
  9305cbdcbb4e8a3e213209e029026c5924fa5495
- SHA256
  
  4a7150ab535c7ea3de1366603f913cd42e85fb790ed7d74a7586cbf186c3baa1
- SHA512
  
  1cff00750a79321fd16f738307a5c194d310c5499c26f9ac7ac2194cb48e855d23a92c00536d89d78b59456fdb48cc2fb6f27813a1833d90ea1fcc7fc413b988
- SSDEEP
  
  393216:4URRTKuF2qHli5w96u2+EBPjmkyuhadzmQbJ3wzceYqjU:4URRjFZiO966EBPXhrcepg
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Quantum loader/Config's/New folder/Scripts.txt
- Size
  
  3KB
- MD5
  
  c95839cdbb04cad97ad44698241a032c
- SHA1
  
  460e006f0a5441e323fce94cbdf558d9bf51af5c
- SHA256
  
  3089055528906d15281f288f8f4f8c780f2be6aaee60e5e2a5b2310caf7ed8c3
- SHA512
  
  cd785ddea31336434e6b6cbbc76b2f06a9bbf3d952cc5b9a25f4246940d274ad9ef31fad8cd12b88f581e562f913f5c0df0b0a3734ea76359174e8ffce7087b9
Score

1^/10
behavioral3 behavioral4
- Target
  
  Quantum loader/Quantum-Loader.exe
- Size
  
  15.5MB
- MD5
  
  81bbc72fad32d1171c49dae0d88f309a
- SHA1
  
  b6060ea112ffacdb7deb316dfda26a913ffae6d1
- SHA256
  
  8f1fb252d143dc714304a473a0b8ae7bef2088bc58e57bf9843ec8a1a0f5d4aa
- SHA512
  
  7f817cad2511886a96522edd7589eb9daf37a4bc2fddf07f8c8d2e8f47ec73bde1babec48946d01b79fbfe8aaf28c04ae6fd350267f37328ef94fe13d8c1f5e7
- SSDEEP
  
  393216:sOVPbsmX4w1v64dP0qZ0sRh5D+IJMdlxkUVNCyc9yyv:sOVPVXD66P0jsRhZJcxc9j
Score

8^/10

execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Quantum loader/Script/Scripts.txt
- Size
  
  3KB
- MD5
  
  c95839cdbb04cad97ad44698241a032c
- SHA1
  
  460e006f0a5441e323fce94cbdf558d9bf51af5c
- SHA256
  
  3089055528906d15281f288f8f4f8c780f2be6aaee60e5e2a5b2310caf7ed8c3
- SHA512
  
  cd785ddea31336434e6b6cbbc76b2f06a9bbf3d952cc5b9a25f4246940d274ad9ef31fad8cd12b88f581e562f913f5c0df0b0a3734ea76359174e8ffce7087b9
Score

1^/10
behavioral7 behavioral8
- Target
  
  Quantum loader/Utilities/Avatars/QuantumPFP.ico
- Size
  
  198KB
- MD5
  
  cff44a4ad5bf9b01ca573230ba3b6bf2
- SHA1
  
  eb8d98bc326bbcf67375292c066393c76c4abcd7
- SHA256
  
  5f7f0bc35d806ea663b7aaa3b6bbb0a99940f821e1a88705d554da6463a4256a
- SHA512
  
  975a6ca81e1ff5a7a7f36186b861114eed55a16f571543543cd951a2ee234e31d8e8671957c8ef8b372b7da7bc76a73278c302a875ea602620ae6abaf07a223e
- SSDEEP
  
  192:MTXYU72XvOyQCZ/W3wE8O0FkUtoiIAJ76lJxM5B9Ml4RySiH3:UsFvIgzlqiIAYx4B9JwSiH3
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Command and Scripting Interpreter: PowerShell

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10